Share this Page

Booz Allen military e-mails hacked

AntiSec hackers claim responsibility

By William Jackson

Jul 12, 2011

The amorphous Anti Security hacking campaign announced July 11 that it has broken into an unsecured server at government contractor Booz Allen Hamilton, copied about 90,000 military e-mails and password hashes, and made them available for downloading.

The announcement gave no details of the exploit used to enter the system, but said, “we infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty.”

Continuing in its pirate-themed language, it described other “booty” as “maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while.”

Booz Allen has not commented on the incident, saying only through a spokesman that “we generally do not comment on specific threats or actions taken against our systems.”

The incident is the latest in a list of embarrassing and possibly connected breaches of government and contractor IT systems and Web sites, including the Senate, CIA, the Atlanta chapter of InfraGard and others.

The recent campaign appeared to begin with a group called LulzSec, which eventually announced a collaboration in June with the group Anonymous to launch Operation Anti-Security, saying “we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word ‘AntiSec’ on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”

Shortly afterward, however, LulzSec announced it was disbanding, after one of its alleged members was arrested in England and some other hackers said they were targeting the group.

In its most recent announcement, AntiSec said it also gained access to 4G of source code on a Booz Allen server, “but this was deemed insignificant and a waste of valuable space, so we merely grabbed it, and wiped it from their system.”

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Thu, Jul 14, 2011
Fred the Fed

Should there be a penalty? An FBI investigation of a contractor's management of govt info if the company has laid itself open to attack, whatever the circumstances.A fine? A grand jury? Surely there is a cost to the government of such an event.
(All of this is more important than whether a company's business is affected by such an event.)
Should the company be compelled to disclose to all agencies it does business with what happened and what it is doing to prevent such problemsZ? all of these ideas are just common sense and allow all parties, and the public, to learn from such events.

Thu, Jul 14, 2011

ha...not ironic; pointed.

Tue, Jul 12, 2011

it's ironic that one of the companies that won a place in the SSC PAC's Cybersecurity contract was hacked.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.

Do you have a password?

Trending

In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet.
Read More